As we approach the end of a turbulent 2021, Insurers, brokers and MGAs are facing ‘work from home’ guidance again. The past 20 months have provided firms with unprecedented challenges and it can be all to easy to overlook day-to-day regulatory requirements when so much change has to be managed. A dispersed workforce comes with its own challenges: my colleague David Porter recently looked at the Financial Conduct Authority (FCA) expectation for firms when adopting home and hybrid working. This article can be found here: FCA Guidance On Remote or Hybrid Working For Regulated Firms (icsr.co.uk).
The clear message from the FCA is that firms must recognise that remote or hybrid working brings with it some additional risks and certainly no respite from the rules.
The prevention of financial crime remains a key area of focus for the FCA. The risk of the insurance sector being used to facilitate financial crime continues to evolve. Cyber crime is a key area of concern for many organisations and is a good example of why a Financial Crime Risk Assessment (FCRA) should not be a static document. Remote and hybrid working brings change to a firm’s risk profile, in the same way changes arise through entering a new product or market. And with that change to the risk profile comes new risks of being used to facilitate financial crime.
The FCA want to see a dynamic FCRA in place which demonstrates Insurers, brokers and MGAs can identify the areas at risk of financial crime and dedicate resources accordingly. The purpose of the FCRA is to highlight the areas that require attention. Once the areas have been identified senior management should be informed and decide on what actions are required to address the risks.
Maintaining your FCRA will require engagement from many stakeholders around the business and it remains a key area of focus to the FCA. Insurers, brokers, and MGA’s will need to ensure they have an adequate financial crime risk assessment in place.
Key business change that can give rise to changing risks of financial crime include:
- New product launches: you need to consider whether the customer profile brings with it a different nature of risk and whether the type of policy itself may be more at risk from being exploited.
- New ways of working: the remote and hybrid working models make it much harder for individuals to collaborate, engage with training and generally stay up to date with any new issues.
- New territories: Brexit has forced many insurers to think differently about international licensing. With an increased appetite for transacting business in new territories comes a changing risk of being exposed to financial crime risks.
- New processes resulting from other regulatory change: the FCA continue to increase the regulatory burden on firms to ensure the insurance sector is working well for consumers. We have seen this with the introduction of the ‘General Insurance Pricing Practices’ rules and the enhanced Product Governance requirements. Neither inherently introduces risk of financial crime as such, but a focus on new rules can result in existing rules being overlooked.
When undertaking your FRCA, start by engaging with senior management to ensure they remain aware of the regulatory environment and can be involved in the review of the profile of the firm. If there has been any change in corporate structure or ownership, the position should be carefully reviewed as this will almost certainly affect the legal and regulatory environment to which the firm must adhere.
Management Information (MI) should provide senior management with sufficient information to understand the financial crime risks to which the firm is exposed. This should allow senior management to assess what actions (if any) are needed to mitigate the firm’s financial crime risks.
We continue to see the emergence of further proof that high profile individuals and entities continue to use ‘tax loopholes’ to shield from the tax authorities. The ‘Pandora Papers’ scandal would have been noted by the FCA and it would come as no surprise if there were further tightening of tax evasion rules in the near future. This is one area that is likely to see change, but there will be others.
The sanctions landscape continues to evolve, with sanctions continuing to be used as a political instrument to bring about change. With the increasing regulatory obligations, firms can be forgiven for overlooking ‘Business as Usual’ activities. The reality is that your financial crime risk assessment should be a continuous process of assessment, review and update, with a formal re-appraisal taking place at least annually.
If you would like assistance undertaking a financial crime risk assessment for your business or have any questions about what needs to be included, please contact Nicky Hasler, or any other member of the team.